OSVDB ID: 39922

Title: Oracle PeopleSoft PeopleTools Unspecified FTP Script Upload Issue

Info

Disclosure
Apr 18, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 PeopleSoft PeopleTools contains a flaw, described by the vendor as "Possible security issue when writing FTP scripts into .txt and .log files while uploading files into FTP servers". No further details have been provided.

Classification

 Location: Local Access Required
Attack Type: Attack Type Unknown
Impact: Impact Unknown
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

 Upgrade to PeopleTools 8.22.15 or higher for the 8.22 line, 8.47.13 or higher for the 8.47 line, or 8.48.09 or higher for the 8.48 line, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Oracle Corporation

PeopleTools

 8.48 GA
8.22.05
8.47.04
8.22.06
8.47.05
8.48.01
8.48.02
8.22.07
8.47.06
8.47.07
8.48.03
8.22.08
8.48.04
8.22.09
8.47.08
8.47.09
8.48.05
8.22.10
8.22 GA
8.47.10
8.22.11
8.48.06
8.22.12
8.47 GA
8.22.01
8.47.11
8.22.02
8.22.13
8.47.01
8.22.03
8.47.02
8.22.04
8.47.03
8.22.14
8.47.12
8.48.07
8.48.08

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/39922